Hello community, here is the log from the commit of package nginx-0.8 for openSUSE:11.4 checked in at Mon Nov 21 15:26:41 CET 2011.
-------- --- old-versions/11.4/all/nginx-0.8/nginx-0.8.changes 2011-02-09 11:43:40.000000000 +0100 +++ 11.4/nginx-0.8/nginx-0.8.changes 2011-11-21 12:28:23.000000000 +0100 @@ -1,0 +2,42 @@ +Mon Nov 21 11:21:01 UTC 2011 - [email protected] + +- Fixed VUL-0: CVE-2011-4315: nginx: heap overflow (bnc #731084) + +------------------------------------------------------------------- +Tue Aug 16 14:32:05 UTC 2011 - [email protected] + +- require a specific rubygem-rack to avoid have choice problem + +------------------------------------------------------------------- +Thu Apr 14 12:57:54 UTC 2011 - [email protected] + +- dont build the geoip module on sles + +------------------------------------------------------------------- +Thu Apr 14 12:17:29 UTC 2011 - [email protected] + +- move the libatomic usage to sle11/11.1 or newer + +------------------------------------------------------------------- +Thu Apr 14 10:50:55 UTC 2011 - [email protected] + +- sync with the 1.0 package + - build with libatomic_ops + - minor spec file cleanup + - use perl instead of dos2unix + - remove commented out patches from the preamble + - fix ordering in preamble + - Add epoll in default events config as recommended in + http://www.kegel.com/c10k.html#nb.epoll. + - enable building of the passenger extension + - added more directives to the configure line + - specify tmp path for scgi/uwsgi + - enabled more modules + - geoip lookup + - http_degradation + - mail ssl support + - added build time options to build the profiling/testing stuff + - see with_google_perftools and with_cpp_test +- recompress tarball as bz2 + +------------------------------------------------------------------- @@ -10,0 +53,13 @@ + +------------------------------------------------------------------- +Wed Dec 15 13:05:00 UTC 2010 - [email protected] + +- update to 0.8.54 + * Bugfix: if there was a single server for given IPv6 + address:port pair, then captures in regular expressions in a + "server_name" directive did not work. + * Bugfix: a segmentation fault might occur in a worker process, + if the "auth_basic" directive was used. + Thanks to Michail Laletin. + * Bugfix: compatibility with ngx_http_eval_module; the bug had + appeared in 0.8.42. Package does not exist at destination yet. Using Fallback old-versions/11.4/all/nginx-0.8 Destination is old-versions/11.4/UPDATES/all/nginx-0.8 calling whatdependson for 11.4-i586 Old: ---- nginx-0.8.53.tar.bz2 New: ---- nginx-0.8.54.tar.bz2 nginx-svn4268.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx-0.8.spec ++++++ --- /var/tmp/diff_new_pack.iSOn91/_old 2011-11-21 15:24:30.000000000 +0100 +++ /var/tmp/diff_new_pack.iSOn91/_new 2011-11-21 15:24:30.000000000 +0100 @@ -18,8 +18,8 @@ Name: nginx-0.8 -Version: 0.8.53 -Release: 4.<RELEASE3> +Version: 0.8.54 +Release: 2.<RELEASE2> # %define pkg_name nginx # @@ -27,56 +27,77 @@ %define ngx_sbindir %{_sbindir}/nginx %define ngx_conf_dir %{_sysconfdir}/nginx %define ngx_conf_path %{ngx_conf_dir}/nginx.conf -%define ngx_error_log /var/log/nginx/error.log -%define ngx_access_log /var/log/nginx/access.log +%define ngx_log_dir /var/log/nginx +%define ngx_error_log %{ngx_log_dir}/error.log +%define ngx_access_log %{ngx_log_dir}/access.log %define ngx_pid_path /var/run/nginx.pid %define ngx_lock_path /var/run/nginx.lock %define ngx_home /var/lib/nginx %define ngx_tmp_http %{ngx_home}/tmp/ %define ngx_tmp_proxy %{ngx_home}/proxy/ %define ngx_tmp_fcgi %{ngx_home}/fastcgi/ +%define ngx_tmp_scgi %{ngx_home}/scgi/ +%define ngx_tmp_uwsgi %{ngx_home}/uwsgi/ %define ngx_user_group nginx -%define rubygem_passenger_version 3.0.2 +%define with_cpp_test 0 +%define with_google_perftools 0 +%if 0%{?suse_version} > 1110 +%define with_geoip 1 +%endif +%if 0%{?suse_version} >= 1110 +%define with_passenger 1 +%define with_libatomic 1 +%endif # +Group: Productivity/Networking/Web/Proxy License: BSD # -Summary: A HTTP server and IMAP/POP3 proxy server +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?with_cpp_test} +BuildRequires: gcc-c++ +%endif +BuildRequires: gd-devel +%if 0%{?with_geoip} +BuildRequires: GeoIP-devel +%endif +%if 0%{?with_google_perftools} +BuildRequires: google-perftools-devel +%endif +%if 0%{?with_libatomic} +BuildRequires: libatomic-ops-devel +%endif +BuildRequires: libxslt-devel +BuildRequires: openssl-devel +BuildRequires: pcre-devel +BuildRequires: pkgconfig +BuildRequires: zlib-devel +%if 0%{?with_passenger} +BuildRequires: rubygem-passenger-devel-static rubygem-rack-1_3 +Recommends: packageand(rubygem-passenger:rubygem-passenger-nginx) +%endif +PreReq: %fillup_prereq +PreReq: %insserv_prereq +PreReq: pwdutils +Provides: nginx = %{version}-%{release} +# +Conflicts: nginx-0.5 nginx-0.6 nginx-0.7 nginx-0.9 nginx-1.0 +%requires_eq perl # Url: http://nginx.net/ -Group: Productivity/Networking/Web/Proxy Source: http://sysoev.ru/nginx/nginx-%{version}.tar.bz2 Source1: nginx.init # PATCH-FIX-UPSTREAM nginx-0.4.0-no_Werror.patch Patch: nginx-0.4.0-no_Werror.patch -# PATCH-FIX-UPSTREAM nginx-0.6.31-DESTDIR.patch -# Patch1: nginx-0.6.31-DESTDIR.patch -# Patch2: nginx-0.4.0-html.patch # PATCH-FIX-UPSTREAM nginx-0.6.38-html.patch Patch2: nginx-0.6.38-html.patch # PATCH-FIX-UPSTREAM nginx-0.4.0-perl_vendor_install.patch Patch3: nginx-0.4.0-perl_vendor_install.patch # PATCH-FIX-UPSTREAM nginx-0.6.31_default_config.patch Patch4: nginx-0.6.31_default_config.patch -BuildRequires: dos2unix -BuildRequires: gd-devel -BuildRequires: libxslt-devel -BuildRequires: openssl-devel -BuildRequires: pcre-devel -BuildRequires: pkgconfig -BuildRequires: zlib-devel -BuildRequires: rubygem-passenger-nginx = %rubygem_passenger_version -BuildRequires: gcc-c++ -BuildRequires: libcurl-devel -Requires: rubygem-passenger-nginx, pcre -PreReq: %fillup_prereq -PreReq: %insserv_prereq -PreReq: pwdutils -Provides: nginx = %{version} -Provides: nginx-passenger = %{version} +# PATCH-FIX-UPSTREAM +Patch5: nginx-svn4268.patch # -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Conflicts: nginx-0.5 nginx-0.6 nginx-0.7 -%requires_eq perl +Summary: A HTTP server and IMAP/POP3 proxy server %description nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev. @@ -89,25 +110,17 @@ %prep %setup -n %{pkg_name}-%{version} %patch -#%patch1 %patch2 %patch3 %patch4 -dos2unix contrib/geo2nginx.pl +%patch5 +perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl %build -#copy source from rubygem-passenger in order to -#generate *.o files which will be needed for nxing comilation -cp -R %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-%{rubygem_passenger_version} . -pushd passenger-%{rubygem_passenger_version}/ - rm ext/libev/*.lo - export PATH="%{_sbindir}:$PATH" - - #compiling nginx stuff for passenger - rake nginx:clean nginx CACHING=no -popd - - ./configure \ +%if 0%{?with_passenger} +ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger +%endif +./configure \ --prefix=%{ngx_prefix}/ \ --sbin-path=%{ngx_sbindir} \ --conf-path=%{ngx_conf_path} \ @@ -118,49 +131,66 @@ --http-client-body-temp-path=%{ngx_tmp_http} \ --http-proxy-temp-path=%{ngx_tmp_proxy} \ --http-fastcgi-temp-path=%{ngx_tmp_fcgi} \ + --http-uwsgi-temp-path=%{ngx_tmp_uwsgi} \ + --http-scgi-temp-path=%{ngx_tmp_scgi} \ --user=nginx --group=nginx \ --with-rtsig_module \ --with-select_module \ --with-poll_module \ --with-ipv6 \ - %if 0%{?sles_version} == 11 || 0%{?suse_version} == 1030 || 0%{?suse_version} == 1100 || 0%{?suse_version} == 1110 || 0%{?suse_version} > 1110 +%if 0%{?suse_version} > 1110 --with-file-aio \ - %endif +%endif --with-http_ssl_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module \ --with-http_image_filter_module \ + %if 0%{?with_geoip} + --with-http_geoip_module \ + %endif --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ + --with-http_degradation_module \ --with-http_stub_status_module \ --with-http_perl_module \ --with-perl=%{_bindir}/perl \ --with-mail \ + --with-mail_ssl_module \ + --with-pcre \ + %if 0%{?with_libatomic} + --with-libatomic \ + %endif + %if 0%{?with_passenger} + --add-module=passenger/ext/nginx \ + %endif + %if 0%{?with_google_perftools} + --with-google_perftools_module \ + %endif + %if 0%{?with_cpp_test} + --with-cpp_test_module \ + %endif --with-md5=/usr \ --with-sha1=/usr \ - --with-pcre \ - --add-module=passenger-%{rubygem_passenger_version}/ext/nginx \ - %if 0%{?suse_version} > 1000 || 0%{?fedora_version} > 4 || 0%{?mandriva_version} > 2006 +%if 0%{?suse_version} > 1000 || 0%{?fedora_version} > 4 || 0%{?mandriva_version} > 2006 --with-cc-opt="%{optflags} -fstack-protector" - %else +%else --with-cc-opt="%{optflags}" - %endif +%endif %{__make} %install %makeinstall %perl_process_packlist # -%{__install} -d -m 0750 %{buildroot}%{ngx_home}/{,tmp,proxy,fastcgi} +%{__install} -d -m 0750 %{buildroot}%{ngx_home}/{,tmp,proxy,fastcgi,scgi,uwsgi} # %{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} %{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} -%{__rm} -rf passenger-%{rubygem_passenger_version}/ %{__rm} %{buildroot}/srv/www/htdocs/index.html %post @@ -198,26 +228,23 @@ %config(noreplace) %{ngx_conf_dir}/scgi_params.default %config(noreplace) %{ngx_conf_dir}/uwsgi_params %config(noreplace) %{ngx_conf_dir}/uwsgi_params.default -%dir %{perl_vendorarch}/auto/nginx/ -%if 0%{?suse_version} == 0 || 0%{?suse_version} <= 1130 -%{perl_vendorarch}/auto/nginx/.packlist -%endif -%{perl_vendorarch}/auto/nginx/nginx.bs -%{perl_vendorarch}/auto/nginx/nginx.so +%{perl_vendorarch}/auto/nginx/ %{perl_vendorarch}/nginx.pm %{ngx_sbindir} %{_mandir}/man3/nginx.3pm* /srv/www/htdocs/50x.html -%if 0%{?suse_version} == 0 || 0%{?suse_version} <= 1130 +%if 0%{?suse_version} && 0%{?suse_version} < 1140 %{_localstatedir}/adm/perl-modules/%{name} %endif %{_sysconfdir}/init.d/%{pkg_name} %{_sbindir}/rc%{pkg_name} %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) /var/log/nginx/ %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/ -%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/tmp/ -%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/proxy/ -%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/fastcgi/ +%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_http} +%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_proxy} +%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_fcgi} +%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_scgi} +%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_uwsgi} %doc CHANGES* LICENSE README %doc conf/ contrib/ ++++++ nginx-0.6.31_default_config.patch ++++++ --- /var/tmp/diff_new_pack.iSOn91/_old 2011-11-21 15:24:30.000000000 +0100 +++ /var/tmp/diff_new_pack.iSOn91/_new 2011-11-21 15:24:30.000000000 +0100 @@ -1,8 +1,8 @@ Index: conf/nginx.conf =================================================================== ---- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200 -+++ conf/nginx.conf 2009-05-08 20:19:55.436773498 +0200 -@@ -1,12 +1,12 @@ +--- conf/nginx.conf.orig ++++ conf/nginx.conf +@@ -1,16 +1,17 @@ -#user nobody; +user nginx; @@ -20,7 +20,12 @@ events { -@@ -22,7 +22,7 @@ http { + worker_connections 1024; ++ use epoll; + } + + +@@ -22,7 +23,7 @@ http { # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; @@ -29,7 +34,7 @@ sendfile on; #tcp_nopush on; -@@ -38,10 +38,10 @@ http { +@@ -38,10 +39,10 @@ http { #charset koi8-r; @@ -42,7 +47,7 @@ index index.html index.htm; } -@@ -51,7 +51,7 @@ http { +@@ -51,7 +52,7 @@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { @@ -51,7 +56,7 @@ } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -87,7 +87,7 @@ http { +@@ -87,7 +88,7 @@ http { # server_name somename alias another.alias; # location / { @@ -60,7 +65,7 @@ # index index.html index.htm; # } #} -@@ -110,7 +110,7 @@ http { +@@ -110,7 +111,7 @@ http { # ssl_prefer_server_ciphers on; # location / { ++++++ nginx-0.8.53.tar.bz2 -> nginx-0.8.54.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/CHANGES new/nginx-0.8.54/CHANGES --- old/nginx-0.8.53/CHANGES 2010-10-18 14:03:33.000000000 +0200 +++ new/nginx-0.8.54/CHANGES 2010-12-14 12:06:03.000000000 +0100 @@ -1,4 +1,18 @@ +Changes with nginx 0.8.54 14 Dec 2010 + + *) Bugfix: if there was a single server for given IPv6 address:port + pair, then captures in regular expressions in a "server_name" + directive did not work. + + *) Bugfix: a segmentation fault might occur in a worker process, if the + "auth_basic" directive was used. + Thanks to Michail Laletin. + + *) Bugfix: compatibility with ngx_http_eval_module; the bug had + appeared in 0.8.42. + + Changes with nginx 0.8.53 18 Oct 2010 *) Feature: now the "error_page" directive allows to change a status @@ -1204,7 +1218,7 @@ *) Bugfix: the "try_files" directive might test incorrectly directories. - *) Bugfix: if there is the single server for given address:port pair, + *) Bugfix: if there was a single server for given address:port pair, then captures in regular expressions in a "server_name" directive did not work. @@ -1558,7 +1572,7 @@ *) Bugfix: the "http_503" parameter of the "proxy_next_upstream" or "fastcgi_next_upstream" directives did not work. - *) Bugfix: nginx might send a "Transfer-Encoding: chunked" heaer line + *) Bugfix: nginx might send a "Transfer-Encoding: chunked" header line for HEAD requests. *) Bugfix: now accept threshold depends on worker_connections. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/CHANGES.ru new/nginx-0.8.54/CHANGES.ru --- old/nginx-0.8.53/CHANGES.ru 2010-10-18 14:03:31.000000000 +0200 +++ new/nginx-0.8.54/CHANGES.ru 2010-12-14 12:06:01.000000000 +0100 @@ -1,4 +1,18 @@ +��������� � nginx 0.8.54 14.12.2010 + + *) �����������: ���� ��� ���� IPv6-�����:���� ������ ������ ���� + ������, �� ��������� � ���������� ���������� � ��������� server_name + �� ��������. + + *) �����������: ��� ������������� ��������� auth_basic � ������� + �������� ��� ��������� segmentation fault. + ������� ������� ��������. + + *) �����������: ������������� � ������� ngx_http_eval_module; ������ + ��������� � 0.8.42. + + ��������� � nginx 0.8.53 18.10.2010 *) ����������: ������ ��������� error_page ��������� ������ ��� ������� @@ -7,7 +21,7 @@ *) ����������: ��������� gzip_disable ������������ ����������� ����� degradation. - *) �����������: ��� ������������� ��������� AIO, ����� ����������� + *) �����������: ��� ������������� ��������� AIO ����� ����������� ������ �������. ������� ������� ������. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/src/core/nginx.h new/nginx-0.8.54/src/core/nginx.h --- old/nginx-0.8.53/src/core/nginx.h 2010-10-04 15:50:09.000000000 +0200 +++ new/nginx-0.8.54/src/core/nginx.h 2010-12-14 11:33:37.000000000 +0100 @@ -8,8 +8,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 8053 -#define NGINX_VERSION "0.8.53" +#define nginx_version 8054 +#define NGINX_VERSION "0.8.54" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/src/http/modules/perl/nginx.pm new/nginx-0.8.54/src/http/modules/perl/nginx.pm --- old/nginx-0.8.53/src/http/modules/perl/nginx.pm 2010-10-04 15:50:09.000000000 +0200 +++ new/nginx-0.8.54/src/http/modules/perl/nginx.pm 2010-12-14 11:33:37.000000000 +0100 @@ -48,7 +48,7 @@ HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.8.53'; +our $VERSION = '0.8.54'; require XSLoader; XSLoader::load('nginx', $VERSION); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/src/http/ngx_http.c new/nginx-0.8.54/src/http/ngx_http.c --- old/nginx-0.8.53/src/http/ngx_http.c 2010-09-28 08:50:52.000000000 +0200 +++ new/nginx-0.8.54/src/http/ngx_http.c 2010-12-14 11:41:22.000000000 +0100 @@ -1870,8 +1870,12 @@ if (addr[i].hash.buckets == NULL && (addr[i].wc_head == NULL || addr[i].wc_head->hash.buckets == NULL) - && (addr[i].wc_head == NULL - || addr[i].wc_head->hash.buckets == NULL)) + && (addr[i].wc_tail == NULL + || addr[i].wc_tail->hash.buckets == NULL) +#if (NGX_PCRE) + && addr[i].nregex == 0 +#endif + ) { continue; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/src/http/ngx_http_core_module.c new/nginx-0.8.54/src/http/ngx_http_core_module.c --- old/nginx-0.8.53/src/http/ngx_http_core_module.c 2010-10-18 12:14:00.000000000 +0200 +++ new/nginx-0.8.54/src/http/ngx_http_core_module.c 2010-12-14 11:38:42.000000000 +0100 @@ -910,7 +910,11 @@ return NGX_AGAIN; } - /* rc == NGX_OK || rc == NGX_ERROR || rc == NGX_HTTP_... */ + if (rc == NGX_DONE) { + return NGX_OK; + } + + /* NGX_OK, NGX_AGAIN, NGX_ERROR, NGX_HTTP_... */ ngx_http_finalize_request(r, rc); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-0.8.53/src/os/unix/ngx_user.c new/nginx-0.8.54/src/os/unix/ngx_user.c --- old/nginx-0.8.53/src/os/unix/ngx_user.c 2008-06-17 17:00:30.000000000 +0200 +++ new/nginx-0.8.54/src/os/unix/ngx_user.c 2010-12-14 11:35:06.000000000 +0100 @@ -41,11 +41,11 @@ err = ngx_errno; if (err == 0) { - len = ngx_strlen(value); + len = ngx_strlen(value) + 1; *encrypted = ngx_pnalloc(pool, len); if (*encrypted) { - ngx_memcpy(*encrypted, value, len + 1); + ngx_memcpy(*encrypted, value, len); return NGX_OK; } } @@ -79,11 +79,11 @@ value = crypt((char *) key, (char *) salt); if (value) { - len = ngx_strlen(value); + len = ngx_strlen(value) + 1; *encrypted = ngx_pnalloc(pool, len); if (*encrypted) { - ngx_memcpy(*encrypted, value, len + 1); + ngx_memcpy(*encrypted, value, len); } #if (NGX_THREADS && NGX_NONREENTRANT_CRYPT) ++++++ nginx-svn4268.patch ++++++ --- src/core/ngx_resolver.c +++ src/core/ngx_resolver.c @@ -1922,7 +1922,12 @@ n = *src++; for ( ;; ) { - if (n != 0xc0) { + if (n & 0xc0) { + n = ((n & 0x3f) << 8) + *src; + src = &buf[n]; + + n = *src++; + } else { ngx_memcpy(dst, src, n); dst += n; src += n; @@ -1932,12 +1937,6 @@ if (n != 0) { *dst++ = '.'; } - - } else { - n = ((n & 0x3f) << 8) + *src; - src = &buf[n]; - - n = *src++; } if (n == 0) { continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
